Belgium Root CA6 Not installed with Middleware

[GaetanCambier]

Hello

The midleware not install Root Certificate Belgium Root CA6 witch is needed for news eids cards Other Root Certificate (CA2 CA3 CA4) are corectly installed

Could you correct this ?

[yoe]

On which OS are you seeing this issue?

[GaetanCambier]

Windows 11 Professionnel x64

SoftWare installed : BeidMW_64_5.0.17.5498.msi BeidViewer 5.1.2.5886.msi

[Frederikus]

Hi,

I'm not sure if I understand you correctly, But the middleware installers do not install any Belgian rootCA.

When you insert a smartcard, MS Certificate Propagation service will use the middleware to collect the certificates from the smart card, and place them into the Windows Certificate Store. The Belgian RootCA6 is present on new (applet 1.8) eID cards. On the most recent Windows versions, there is an entry "by smart card trusted root certificates" in the cert store (bottom entry in certmgr.msc)

Should you want Belgian rootCA6 (e.g. for preparing your server) without having an applet 1.8 eID card, you can find Belgian rootCA6 here: https://repository.eidpki.belgium.be/#/download (the topmost cert).

[Frederikus]

There is no reason for the middleware installers to install the rootCA's as they are on the eID cards.

[kvnhck]

Is there any known reason why the root ca6 crt file is not in the list at http://certs.eid.belgium.be/ ?

[yoe]

Different supplier.

The certificates under ca1 through ca4 were created under the supplier for the RSA certificates. The supplier for the ECDSA certificates (CA6) is a different one. Since the CA certificates and CRLs etc are managed by the certificate supplier, the server that provides those certificates is run by the supplier that issued them.

You can find CA6 and all the intermediate CA's under that CA through https://repository.eidpki.belgium.be/

(there is no CA5)